

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
  <meta charset="utf-8">
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  
  <title>网络虚拟化 &mdash; Singularity container 3.5 documentation</title>
  

  
  
    <link rel="shortcut icon" href="_static/favicon.png"/>
  
  
  

  
  <script type="text/javascript" src="_static/js/modernizr.min.js"></script>
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
        <script src="_static/jquery.js"></script>
        <script src="_static/underscore.js"></script>
        <script src="_static/doctools.js"></script>
        <script src="_static/language_data.js"></script>
        <script src="_static/js/ga.js"></script>
    
    <script type="text/javascript" src="_static/js/theme.js"></script>

    

  
  <link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
  <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="_static/css/custom.css" type="text/css" />
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="使用cgroups限制容器资源" href="cgroups.html" />
    <link rel="prev" title="安全选项" href="security_options.html" /> 
</head>

<body class="wy-body-for-nav">

   
  <div class="wy-grid-for-nav">
    

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      


      <div class="wy-nav-content">
        
        <div class="rst-content style-external-links">
        
          















          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
  <div class="section" id="networking">
<span id="id1"></span><h1>网络虚拟化<a class="headerlink" href="#networking" title="Permalink to this headline">¶</a></h1>
<p id="sec-networking">Singularity从3.0开始完全支持 <a class="reference external" href="https://github.com/containernetworking/cni">cni</a>, 其新增的一些特性使得很容易使用网络虚拟化。</p>
<p><code class="docutils literal notranslate"><span class="pre">exec</span></code>, <code class="docutils literal notranslate"><span class="pre">run</span></code> 和 <code class="docutils literal notranslate"><span class="pre">shell</span></code> 命令增加了一些新的选项， <code class="docutils literal notranslate"><span class="pre">--net</span></code> 标记也进行了更新。这些选项和标记只能被root用户使用（唯一的例外是下文提到的 <code class="docutils literal notranslate"><span class="pre">none</span></code> 网络类型，普通用户也可以使用）。</p>
<div class="section" id="dns">
<h2><code class="docutils literal notranslate"><span class="pre">--dns</span></code><a class="headerlink" href="#dns" title="Permalink to this headline">¶</a></h2>
<p>使用 <code class="docutils literal notranslate"><span class="pre">--dns</span></code> 选项可以将以逗号分隔的多个DNS servers加入到容器中的 <code class="docutils literal notranslate"><span class="pre">/etc/resolv.conf</span></code> 文件中。</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>$ nslookup sylabs.io | grep Server
Server:             127.0.0.53

$ sudo singularity exec --dns 8.8.8.8 ubuntu.sif nslookup sylabs.io | grep Server
Server:             8.8.8.8

$ sudo singularity exec --dns 8.8.8.8 ubuntu.sif cat /etc/resolv.conf
nameserver 8.8.8.8
</pre></div>
</div>
</div>
<div class="section" id="hostname">
<h2><code class="docutils literal notranslate"><span class="pre">--hostname</span></code><a class="headerlink" href="#hostname" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal notranslate"><span class="pre">--hostname</span></code> 选项可以设置容器中的hostname。</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>$ hostname
ubuntu-bionic

$ sudo singularity exec --hostname hal-9000 my_container.sif hostname
hal-9000
</pre></div>
</div>
</div>
<div class="section" id="net">
<h2><code class="docutils literal notranslate"><span class="pre">--net</span></code><a class="headerlink" href="#net" title="Permalink to this headline">¶</a></h2>
<p>使用 <code class="docutils literal notranslate"><span class="pre">--net</span></code> 标记，容器在初始化的时候会加入一个新的 network namespace。</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>$ hostname -I
10.0.2.15

$ sudo singularity exec --net my_container.sif hostname -I
10.22.0.4
</pre></div>
</div>
</div>
<div class="section" id="network">
<h2><code class="docutils literal notranslate"><span class="pre">--network</span></code><a class="headerlink" href="#network" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal notranslate"><span class="pre">--network</span></code> 选项通常和 <code class="docutils literal notranslate"><span class="pre">--net</span></code> 标记组合使用。它可以接受以逗号分隔的多种网络类型，
每种网络类型都会在容器中创建一个专门的网络接口。</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>$ hostname -I
172.16.107.251 10.22.0.1

$ sudo singularity exec --net --network ptp ubuntu.sif hostname -I
10.23.0.6

$ sudo singularity exec --net --network bridge,ptp ubuntu.sif hostname -I
10.22.0.14 10.23.0.7
</pre></div>
</div>
<p>当使用 <code class="docutils literal notranslate"><span class="pre">--network</span></code> 选项时，singularity会从网络配置文件夹(通常是 <code class="docutils literal notranslate"><span class="pre">/usr/local/etc/singularity/network/</span></code>)下寻找所请求网络类型对应的配置文件。
默认安装下，下面这些网络类型已经带有配置文件。</p>
<blockquote>
<div><ul class="simple">
<li><p>bridge</p></li>
<li><p>ptp</p></li>
<li><p>ipvlan</p></li>
<li><p>macvlan</p></li>
<li><p>none（必须单独使用）</p></li>
</ul>
</div></blockquote>
<p><code class="docutils literal notranslate"><span class="pre">none</span></code> 是唯一一种能被普通用户使用的网络类型。使用它时，容器中只有一个loopback网络接口。</p>
<p>管理员也可以定义定制化的网络配置，将配置放在配置文件夹下面。</p>
</div>
<div class="section" id="network-args">
<h2><code class="docutils literal notranslate"><span class="pre">--network-args</span></code><a class="headerlink" href="#network-args" title="Permalink to this headline">¶</a></h2>
<p>使用 <code class="docutils literal notranslate"><span class="pre">--network-args</span></code> 选项可以方便的将参数传递给cni plugin。这个选项也要和 <code class="docutils literal notranslate"><span class="pre">--net</span></code> 标记一起使用。</p>
<p>比如你想在容器中启动一个使用80端口的 <a class="reference external" href="https://www.nginx.com/">NGINX</a>，并且想将host上的8080端口映射到容器内的80端口。</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>$ sudo singularity instance start --writable-tmpfs \
    --net --network-args &quot;portmap=8080:80/tcp&quot; docker://nginx web2
</pre></div>
</div>
<p>上面的命令将从Docker Hub拉取NGINX镜像，并启动一个叫做 <code class="docutils literal notranslate"><span class="pre">web2</span></code> 的instance。
NGINX的instance需要写硬盘，所以添加了 <code class="docutils literal notranslate"><span class="pre">--writable-tmpfs</span></code> 标记。
使用 <code class="docutils literal notranslate"><span class="pre">--network-args</span></code> 选项时，必须同时使用 <code class="docutils literal notranslate"><span class="pre">--net</span></code> 标记。
<code class="docutils literal notranslate"><span class="pre">portmap=8080:80/tcp</span></code> 将host上的8080端口映射到容器内的80端口；映射之后，凡是能访问host上8080端口的客户端都能访问容器内的服务，如需限制访问范围，应在host上另行配置防火墙规则。</p>
<p>下面我们就可以在容器内启动NGINX:</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>$ sudo singularity exec instance://web2 nginx
</pre></div>
</div>
<p>使用 <code class="docutils literal notranslate"><span class="pre">curl</span></code> 命令可以验证通过host的8080端口能访问NGINX。</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>$ curl localhost:8080
10.22.0.1 - - [16/Oct/2018:09:34:25 -0400] &quot;GET / HTTP/1.1&quot; 200 612 &quot;-&quot; &quot;curl/7.58.0&quot; &quot;-&quot;
&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;
&lt;title&gt;Welcome to nginx!&lt;/title&gt;
&lt;style&gt;
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
&lt;/style&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;h1&gt;Welcome to nginx!&lt;/h1&gt;
&lt;p&gt;If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.&lt;/p&gt;

&lt;p&gt;For online documentation and support please refer to
&lt;a href=&quot;http://nginx.org/&quot;&gt;nginx.org&lt;/a&gt;.&lt;br/&gt;
Commercial support is available at
&lt;a href=&quot;http://nginx.com/&quot;&gt;nginx.com&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Thank you for using nginx.&lt;/em&gt;&lt;/p&gt;
&lt;/body&gt;
&lt;/html&gt;
</pre></div>
</div>
<p>更多关于cni的信息, 请参考 <a class="reference external" href="https://github.com/containernetworking/cni/blob/master/SPEC.md">cni specification</a>。</p>
</div>
</div>


           </div>
           
          </div>
          <footer>
  
  

  <hr/>

  <div role="contentinfo">
    <p>
        &copy; Copyright 2017-2019, Sylabs Inc

    </p>
  </div>

</footer>

        </div>
      </div>

    </section>

  </div>
  


  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>